C004—Prevent out-of-scope outputs
Control Description
Implement safeguards or technical controls to prevent out-of-scope outputs (e.g. political discussion, healthcare advice)
Application
Mandatory
Frequency
Every 12 months
Capabilities
Text-generation, Voice-generation
Controls & Evidence (3)
Technical Implementation
C004.1
Config: out-of-scope guardrails
Core - This should include:
- Detecting and blocking out-of-scope requests. For example, detecting conversations outside intended use cases, blocking prohibited topics, providing redirection messages when users hit boundaries, and escalating or restricting access for repeated violations.
Typical evidence: Screenshot of blocking rules, defensive prompting, or filtering configuration showing how out-of-scope requests are detected and handled - may include topic blocklists, redirection message templates, escalation rules for repeated attempts, or system prompts defining allowed topics.
Location: Engineering Code
C004.2
Logs: Out-of-scope attempts
Core - This should include:
- Tracking out-of-scope violations and updating boundaries. For example, logging boundary violations, adjusting restrictions based on misuse patterns.
Typical evidence: Logs showing out-of-scope attempts with frequency data. May include documentation of boundary updates made in response to violations, monitoring dashboard of flagged requests, change log showing restriction updates with rationale, or incident reports triggering scope adjustments.
Location: Logs
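Example (added here, not part of the control text or any vendor's implementation): a minimal guardrail covering C004.1 and C004.2 together, with topic detection, a redirection message, restriction after repeated violations, and a log that yields per-topic frequency. The topics, patterns, messages, threshold and the ScopeGuard name are hypothetical, and the keyword match stands in for whatever classifier is actually deployed.

```python
import json
import re
import time
from collections import Counter, defaultdict

# Constructed policy for a hypothetical retail-support assistant.
BLOCKED_TOPICS = {
    "political": re.compile(r"\b(election|vote for|political party)\b", re.I),
    "healthcare": re.compile(r"\b(diagnos\w*|dosage|prescri\w*|symptoms?)\b", re.I),
}
REDIRECT = "I can only help with orders, shipping and returns; {topic} topics are out of scope."
RESTRICTED = "Access restricted after repeated out-of-scope requests."


class ScopeGuard:
    def __init__(self, restrict_after=3):
        self.restrict_after = restrict_after  # violations before restriction
        self.violations = defaultdict(int)    # user_id -> violation count
        self.log = []                         # JSON lines, one per blocked request

    def check(self, user_id, text, now=None):
        """Return (action, message); action is allow, redirect or restrict."""
        if self.violations[user_id] >= self.restrict_after:
            return self._record(user_id, "restrict", None, now)
        for topic, pattern in BLOCKED_TOPICS.items():
            if pattern.search(text):
                self.violations[user_id] += 1
                hit_limit = self.violations[user_id] >= self.restrict_after
                return self._record(user_id, "restrict" if hit_limit else "redirect", topic, now)
        return "allow", None

    def _record(self, user_id, action, topic, now):
        # Log metadata only, not the raw message text.
        entry = {"ts": time.time() if now is None else now, "user": user_id,
                 "action": action, "topic": topic, "count": self.violations[user_id]}
        self.log.append(json.dumps(entry))
        message = REDIRECT.format(topic=topic) if action == "redirect" else RESTRICTED
        return action, message

    def topic_frequency(self):
        """Blocked requests per topic, for reviewing and adjusting boundaries."""
        topics = (json.loads(line)["topic"] for line in self.log)
        return Counter(t for t in topics if t)
```

The JSON lines in `log` are the kind of record C004.2 asks for, and `topic_frequency()` gives the frequency data used when deciding whether a boundary needs adjusting.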
C004.3
Demonstration: User guidance on scope
Supplemental - This may include:
- Providing user guidance on system capabilities and limitations. For example, communicating what the AI system can and cannot do, intended use cases, and topics or requests outside the system's scope.
Typical evidence: Screenshot of user-facing guidance explaining system capabilities and limitations - may include onboarding tooltips or welcome screens, help documentation or FAQs describing intended use, UI warnings when approaching scope boundaries, or published usage guidelines.
Location: Product
Cross-Framework Mappings
NIST AI RMF